The SSH details section is just a little further down in the config, and it is already set up and turned on. Although you should not be required to make to make any changes within this section, you can find the details about each line below.

The SSH details section is just a little further down in the config, and it is already set up and turned on. Although you should not be required to make to make any changes within this section, you can find the details about each line below.

-

[ssh-iptables]

+

''​[ssh-iptables]

enabled ​ = true

enabled ​ = true

+

filter ​ = sshd

filter ​ = sshd

+

action ​ = iptables[name=SSH,​ port=ssh, protocol=tcp]

action ​ = iptables[name=SSH,​ port=ssh, protocol=tcp]

​sendmail-whois[name=SSH,​ dest=root, sender=fail2ban@example.com]

​sendmail-whois[name=SSH,​ dest=root, sender=fail2ban@example.com]

+

logpath ​ = /​var/​log/​secure

logpath ​ = /​var/​log/​secure

-

maxretry = 5

+

+

maxretry = 5''​

Enabled simply refers to the fact that SSH protection is on. You can turn it off with the word "​false"​.

Enabled simply refers to the fact that SSH protection is on. You can turn it off with the word "​false"​.

Line 78:

Line 83:

eg. iptables[name=SSH,​ port=30000, protocol=tcp]

eg. iptables[name=SSH,​ port=30000, protocol=tcp]

You can change the protocol from TCP to UDP in this line as well, depending on which one you want fail2ban to monitor.

You can change the protocol from TCP to UDP in this line as well, depending on which one you want fail2ban to monitor.

-

-

If you have a mail server set up on your virtual private server, Fail2Ban can email you when it bans an IP address. In the default case, the sendmail-whois refers to the actions located at /​etc/​fail2ban/​action.d/​sendmail-whois.conf.